onny/verwaltungstracker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add permissions via plan.group

Browse source
This commit is contained in:
Stefan Wehrmeyer 2022-02-16 14:30:47 +01:00
parent 19170142c3
commit df92fa5c27
2 changed files with 101 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

83
froide_govplan/admin.py
View file

@ -1,5 +1,5 @@
from django import forms
from django.contrib import admin
from django.contrib import admin, auth
from django.urls import reverse_lazy
from tinymce.widgets import TinyMCE
@ -8,6 +8,8 @@ from froide.helper.widgets import TagAutocompleteWidget
from .models import Government, GovernmentPlan, GovernmentPlanUpdate
User = auth.get_user_model()
class GovernmentPlanAdminForm(forms.ModelForm):
class Meta:
@ -24,9 +26,7 @@ class GovernmentPlanUpdateAdminForm(forms.ModelForm):
class Meta:
model = GovernmentPlanUpdate
fields = "__all__"
widgets = {
"content": TinyMCE(attrs={'cols': 80, 'rows': 30})
}
widgets = {"content": TinyMCE(attrs={"cols": 80, "rows": 30})}
class GovernmentAdmin(admin.ModelAdmin):
@ -54,9 +54,10 @@ class GovernmentPlanUpdateAdmin(admin.ModelAdmin):
form = GovernmentPlanUpdateAdminForm
raw_id_fields = ("user", "foirequest")
list_display = (
"title",
"timestamp",
"plan",
"user",
"timestamp",
"status",
"rating",
"public",
@ -65,7 +66,10 @@ class GovernmentPlanUpdateAdmin(admin.ModelAdmin):
"status",
"public",
)
search_fields = ("title", "plan__title",)
search_fields = (
"title",
"plan__title",
)
date_hierarchy = "timestamp"
def get_queryset(self, request):
@ -74,8 +78,75 @@ class GovernmentPlanUpdateAdmin(admin.ModelAdmin):
"plan",
"user",
)
if self.has_limited_access(request.user):
qs = qs.filter(plan__in=self.get_allowed_plans(request))
return qs
def save_model(self, request, obj, form, change):
limited = self.has_limited_access(request.user)
if not change and limited:
# When added by a limited user,
# autofill user and organization
obj.user = request.user
if obj.plan.organization:
user_has_org = request.user.organization_set.all().filter(pk=1).exists()
if user_has_org:
obj.organization = obj.plan.organization
res = super().save_model(request, obj, form, change)
obj.plan.update_from_updates()
return res
def has_limited_access(self, user):
return not user.has_perm("froide_gov.change_governmentplanupdate")
def get_allowed_plans(self, request):
if not self.has_limited_access(request.user):
return GovernmentPlan.objects.all()
groups = request.user.groups.all()
return GovernmentPlan.objects.filter(group__in=groups).distinct()
def get_fields(self, request, obj=None):
if self.has_limited_access(request.user):
return (
"plan",
"title",
"timestamp",
"content",
"url",
"status",
"rating",
"public",
)
return super().get_fields(request, obj=obj)
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == "plan":
if self.has_limited_access(request.user):
kwargs["queryset"] = self.get_allowed_plans(request)
return super().formfield_for_foreignkey(db_field, request, **kwargs)
def user_in_obj_group(self, request, obj):
if not obj.plan.group_id:
return False
user = request.user
return User.objects.filter(pk=user.pk, groups=obj.plan.group_id).exists()
def has_view_permission(self, request, obj=None):
if obj and self.user_in_obj_group(request, obj):
return True
return super().has_view_permission(request, obj=obj)
def has_add_permission(self, request):
return super().has_add_permission(request)
def has_change_permission(self, request, obj=None):
if obj and self.user_in_obj_group(request, obj):
return True
return super().has_change_permission(request, obj=obj)
admin.site.register(Government, GovernmentAdmin)
admin.site.register(GovernmentPlan, GovernmentPlanAdmin)